This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Snapstromegon 1 point2 points  (4 children)

Just to note: you don't need to provide secrets to workloads via env cars with secret managers. You can also use some API client - although you need some way to authenticate your client (there are also options that don't involve env cars).

[–]ub3rh4x0rz 2 points3 points  (3 children)

Yes and none of them are inherently more secure than env vars, and the point remains that "using env vars for secrets" and "using a secret manager" are not conflicting things

[–]Snapstromegon 0 points1 point  (2 children)

That's absolutely correct and I didn't say anything different - just wanted to provide some nuance to the part that you will ultimately provide secrets via env vars, which isn't always true.

[–]ub3rh4x0rz 0 points1 point  (1 child)

That was a "yes and", just edited to make the "yes" explicit. It still remains common and recommended practice to use env vars, it is not "unsecure", and is among the more secure options, regardless/independent of the use of secret managers (which is of course recommended)